Folks,<br><br>Any tip or advice for this scenario? <br><br>Any help will be really appreciated.<br><br>Jorge<br><br><div class="gmail_quote">On Sun, Nov 23, 2008 at 3:20 PM, Jorge Andrade <span dir="ltr"><<a href="mailto:harryjsa@gmail.com">harryjsa@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<p><span lang="EN-US">Hi list,</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">I am having
problems to connect from clients behind NAT. From a client without a NAT, VPN
successful connects.</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">Relevant
details:</span></p>
<p><span lang="EN-US">kernel:
Linux 2.6.18-53.el5</span></p>
<p><span lang="EN-US">Distro:
CentOS 5.1</span></p>
<p><span lang="EN-US">OpenSwan:
Openswan IPsec U2.6.14/K2.6.18-53.el5 (netkey)</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">/etc/ipsec.conf</span></p>
<p><span lang="EN-US">version 2.0</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">config
setup</span></p>
<p><span lang="EN-US"><span> </span>nat_traversal=yes</span></p>
<p><span lang="EN-US"><span> </span>protostack=netkey</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">conn
%default</span></p>
<p><span lang="EN-US"><span> </span>keyingtries=1</span></p>
<p><span lang="EN-US"><span> </span>compress=yes</span></p>
<p><span lang="EN-US"><span> </span>disablearrivalcheck=no</span></p>
<p><span lang="EN-US"><span> </span>authby=secret</span></p>
<p><span lang="EN-US"><span> </span>pfs=no</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">conn
roadwarrior-l2tp</span></p>
<p><span lang="EN-US"><span> </span>left=189.X.X.X</span></p>
<p><span lang="EN-US"><span> </span>leftprotoport=17/1701</span></p>
<p><span lang="EN-US"><span> </span>right=%any</span></p>
<p><span lang="EN-US"><span> </span>rightsubnet=vhost:%priv,%no,%v4:<a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a></span></p>
<p><span lang="EN-US"><span> </span>rightprotoport=17/1701</span></p>
<p><span lang="EN-US"><span> </span>pfs=no</span></p>
<p><span lang="EN-US"><span> </span>type=transport</span></p>
<p><span lang="EN-US"><span> </span>auto=add</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">#Disable
Opportunistic Encryption</span></p>
<p>include /etc/ipsec.d/examples/no_oe.conf</p>
<p> </p>
<p><span lang="EN-US">/etc/ipsec.secrets
</span></p>
<p><span lang="EN-US">#include
/etc/ipsec.d/*.secrets</span></p>
<p><span lang="EN-US">189.X.X.X
%any : PSK "mytestkey"</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">/etc/xl2tpd/xl2tpd.conf</span></p>
<p><span lang="EN-US">[global]</span></p>
<p><span lang="EN-US">listen-addr
= 189.X.X.X</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">[lns
default]</span></p>
<p><span lang="EN-US">ip range =
10.10.40.230-10.10.40.254</span></p>
<p><span lang="EN-US">local ip =
<a href="http://10.10.40.1" target="_blank">10.10.40.1</a></span></p>
<p><span lang="EN-US">require
chap = yes</span></p>
<p><span lang="EN-US">refuse pap
= yes</span></p>
<p><span lang="EN-US">require
authentication = yes</span></p>
<p><span lang="EN-US">name =
LinuxVPNserver</span></p>
<p><span lang="EN-US">ppp debug =
yes</span></p>
<p><span lang="EN-US">pppoptfile
= /etc/ppp/options.xl2tpd</span></p>
<p><span lang="EN-US">length bit
= yes</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">/etc/ppp/options.xl2tpd</span></p>
<p><span lang="EN-US">ipcp-accept-local</span></p>
<p><span lang="EN-US">ipcp-accept-remote</span></p>
<p><span lang="EN-US">lcp-echo-interval
30</span></p>
<p><span lang="EN-US">lcp-echo-failure
6 </span></p>
<p><span lang="EN-US">ms-dns<span> </span><a href="http://10.10.40.1" target="_blank">10.10.40.1</a></span></p>
<p><span lang="EN-US">ms-wins
<a href="http://10.10.40.1" target="_blank">10.10.40.1</a></span></p>
<p><span lang="EN-US">noccp</span></p>
<p><span lang="EN-US">auth</span></p>
<p><span lang="EN-US">crtscts</span></p>
<p><span lang="EN-US">idle 1800</span></p>
<p><span lang="EN-US">mtu 1410</span></p>
<p><span lang="EN-US">mru 1410</span></p>
<p><span lang="EN-US">nodefaultroute</span></p>
<p><span lang="EN-US">debug</span></p>
<p><span lang="EN-US">lock</span></p>
<p><span lang="EN-US">proxyarp</span></p>
<p><span lang="EN-US">connect-delay
5000</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">* Logs for
client without NAT</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">/var/log/secure</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 ipsec__plutorun: Starting Pluto subsystem...</span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 pluto[1399]: Starting Pluto (Openswan Version 2.6.14;
Vendor ID OEoSJUweaqAX) pid:1399</span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 pluto[1399]: Setting NAT-Traversal port-4500 floating to
on</span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 pluto[1399]:<span> </span>port
floating activation criteria nat_t=1/port_float=1</span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 pluto[1399]:<span>
</span>including NAT-Traversal patch (Version 0.6c)</span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 pluto[1399]: using /dev/urandom as source of random
entropy</span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 pluto[1399]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 pluto[1399]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC:
Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 pluto[1399]: ike_alg_register_enc(): Activating
OAKLEY_SERPENT_CBC: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 pluto[1399]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 pluto[1399]: ike_alg_register_enc(): Activating
OAKLEY_BLOWFISH_CBC: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 pluto[1399]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_512: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 pluto[1399]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_256: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:08:35 corp-core01 pluto[1399]: starting up 1 cryptographic helpers</span></p>
<p><span lang="EN-US">Nov 23
17:08:36 corp-core01 pluto[1399]: started helper pid=1408 (fd:7)</span></p>
<p><span lang="EN-US">Nov 23
17:08:36 corp-core01 pluto[1408]: using /dev/urandom as source of random
entropy</span></p>
<p><span lang="EN-US">Nov 23
17:08:36 corp-core01 pluto[1399]: Using Linux 2.6 IPsec interface code on
2.6.18-53.el5 (experimental code)</span></p>
<p><span lang="EN-US">Nov 23
17:08:36 corp-core01 pluto[1399]: ike_alg_register_enc(): WARNING: enc alg=0
not found in constants.c:oakley_enc_names<span>
</span></span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_register_enc(): Activating
<NULL>: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_register_enc(): WARNING: enc alg=0
not found in constants.c:oakley_enc_names<span>
</span></span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_add(): ERROR: Algorithm already
exists</span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)</span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_register_enc(): WARNING: enc alg=0
not found in constants.c:oakley_enc_names<span>
</span></span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_add(): ERROR: Algorithm already
exists</span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)</span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_register_enc(): WARNING: enc alg=0
not found in constants.c:oakley_enc_names<span>
</span></span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_add(): ERROR: Algorithm already
exists</span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)</span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_register_enc(): WARNING: enc alg=0
not found in constants.c:oakley_enc_names<span>
</span></span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_add(): ERROR: Algorithm already
exists</span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)</span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_register_enc(): WARNING: enc alg=0
not found in constants.c:oakley_enc_names<span>
</span></span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_add(): ERROR: Algorithm already
exists</span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)</span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: Could not change to directory
'/etc/ipsec.d/cacerts': /</span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: Could not change to directory
'/etc/ipsec.d/aacerts': /</span></p>
<p><span lang="EN-US">Nov 23
17:08:37 corp-core01 pluto[1399]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /</span></p>
<p><span lang="EN-US">Nov 23
17:08:38 corp-core01 pluto[1399]: Could not change to directory
'/etc/ipsec.d/crls'</span></p>
<p><span lang="EN-US">Nov 23
17:08:38 corp-core01 pluto[1399]: Changing back to directory '/' failed - (2 No
such file or directory)</span></p>
<p><span lang="EN-US">Nov 23
17:08:38 corp-core01 pluto[1399]: Changing back to directory '/' failed - (2 No
such file or directory)</span></p>
<p><span lang="EN-US">Nov 23
17:08:38 corp-core01 pluto[1399]: added connection description
"roadwarrior-l2tp"</span></p>
<p><span lang="EN-US">Nov 23
17:08:38 corp-core01 pluto[1399]: listening for IKE messages</span></p>
<p><span lang="EN-US">Nov 23
17:08:38 corp-core01 pluto[1399]: adding interface ppp0/ppp0 189.X.X.X:500</span></p>
<p><span lang="EN-US">Nov 23
17:08:38 corp-core01 pluto[1399]: adding interface ppp0/ppp0 189.X.X.X:4500</span></p>
<p><span lang="EN-US">Nov 23
17:08:38 corp-core01 pluto[1399]: adding interface eth1/eth1 <a href="http://10.10.40.1:500" target="_blank">10.10.40.1:500</a></span></p>
<p><span lang="EN-US">Nov 23
17:08:38 corp-core01 pluto[1399]: adding interface eth1/eth1 <a href="http://10.10.40.1:4500" target="_blank">10.10.40.1:4500</a></span></p>
<p><span lang="EN-US">Nov 23
17:08:38 corp-core01 pluto[1399]: adding interface lo/lo <a href="http://127.0.0.1:500" target="_blank">127.0.0.1:500</a></span></p>
<p><span lang="EN-US">Nov 23
17:08:38 corp-core01 pluto[1399]: adding interface lo/lo <a href="http://127.0.0.1:4500" target="_blank">127.0.0.1:4500</a></span></p>
<p><span lang="EN-US">Nov 23
17:08:38 corp-core01 pluto[1399]: adding interface lo/lo ::1:500</span></p>
<p><span lang="EN-US">Nov 23
17:08:38 corp-core01 pluto[1399]: loading secrets from
"/etc/ipsec.secrets"</span></p>
<p><span lang="EN-US">Nov 23
17:10:44 corp-core01 pluto[1399]: packet from <a href="http://201.8.29.194:500" target="_blank">201.8.29.194:500</a>: ignoring Vendor
ID payload [MS NT5 ISAKMPOAKLEY 00000004]</span></p>
<p><span lang="EN-US">Nov 23
17:10:44 corp-core01 pluto[1399]: packet from <a href="http://201.8.29.194:500" target="_blank">201.8.29.194:500</a>: ignoring Vendor
ID payload [FRAGMENTATION]</span></p>
<p><span lang="EN-US">Nov 23
17:10:44 corp-core01 pluto[1399]: packet from <a href="http://201.8.29.194:500" target="_blank">201.8.29.194:500</a>: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 </span></p>
<p><span lang="EN-US">Nov 23
17:10:44 corp-core01 pluto[1399]: packet from <a href="http://201.8.29.194:500" target="_blank">201.8.29.194:500</a>: ignoring Vendor
ID payload [Vid-Initial-Contact]</span></p>
<p><span lang="EN-US">Nov 23
17:10:44 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: responding to Main Mode from unknown peer <a href="http://201.8.29.194" target="_blank">201.8.29.194</a></span></p>
<p><span lang="EN-US">Nov 23
17:10:44 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1</span></p>
<p><span lang="EN-US">Nov 23
17:10:44 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: STATE_MAIN_R1: sent MR1, expecting MI2</span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected</span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2</span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: STATE_MAIN_R2: sent MR2, expecting MI3</span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: Main mode peer ID is ID_IPV4_ADDR: '<a href="http://201.8.29.194" target="_blank">201.8.29.194</a>'</span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3</span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}</span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: the peer proposed: 189.X.X.X/32:17/1701 -> <a href="http://201.8.29.194/32:17/1701" target="_blank">201.8.29.194/32:17/1701</a></span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_ar in
duplicate_state, please report to <a href="mailto:dev@openswan.org" target="_blank">dev@openswan.org</a></span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_er in
duplicate_state, please report to <a href="mailto:dev@openswan.org" target="_blank">dev@openswan.org</a></span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pi in
duplicate_state, please report to <a href="mailto:dev@openswan.org" target="_blank">dev@openswan.org</a></span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pr in
duplicate_state, please report to <a href="mailto:dev@openswan.org" target="_blank">dev@openswan.org</a></span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2: responding to Quick Mode proposal {msgid:65b17fe7}</span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2:<span> </span>us: 189.X.X.X<189.X.X.X>[+S=C]:17/1701</span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2:<span> </span>them: <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>[+S=C]:17/1701</span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1</span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2</span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2</span></p>
<p><span lang="EN-US">Nov 23
17:10:45 corp-core01 pluto[1399]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x86dc727b
<0x1f0091d4 xfrm=3DES_0-HMAC_MD5 NATOA=<invalid>
NATD=<invalid>:500 DPD=enabled}</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">/var/log/messages</span></p>
<p><span lang="EN-US">Nov 23
17:10:47 corp-core01 xl2tpd[1120]: Connection established to <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>,
1701.<span> </span>Local: 37989, Remote: 2
(ref=0/0).<span> </span>LNS session is 'default' </span></p>
<p><span lang="EN-US">Nov 23
17:10:47 corp-core01 xl2tpd[1120]: Call established with <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>, Local:
41968, Remote: 1, Serial: 0 </span></p>
<p><span lang="EN-US">Nov 23
17:10:47 corp-core01 pppd[1665]: pppd 2.4.4 started by root, uid 0</span></p>
<p><span lang="EN-US">Nov 23
17:10:47 corp-core01 pppd[1665]: Using interface ppp1</span></p>
<p><span lang="EN-US">Nov 23 17:10:47
corp-core01 pppd[1665]: Connect: ppp1 <--> /dev/pts/6</span></p>
<p><span lang="EN-US">Nov 23
17:10:48 corp-core01 pppd[1665]: Unsupported protocol 'Compression Control
Protocol' (0x80fd) received</span></p>
<p><span lang="EN-US">Nov 23
17:10:48 corp-core01 pppd[1665]: found interface eth1 for proxy arp</span></p>
<p><span lang="EN-US">Nov 23 17:10:48
corp-core01 pppd[1665]: local<span> </span>IP address
<a href="http://10.10.40.1" target="_blank">10.10.40.1</a></span></p>
<p><span lang="EN-US">Nov 23
17:10:48 corp-core01 pppd[1665]: remote IP address <a href="http://10.10.40.230" target="_blank">10.10.40.230</a></span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">* Logs for
client behind NAT</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">/var/log/secure</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 ipsec__plutorun: Starting Pluto subsystem...</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 pluto[2241]: Starting Pluto (Openswan Version 2.6.14;
Vendor ID OEoSJUweaqAX) pid:2241</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 pluto[2241]: Setting NAT-Traversal port-4500 floating to
on</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 pluto[2241]:<span> </span>port
floating activation criteria nat_t=1/port_float=1</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 pluto[2241]:<span>
</span>including NAT-Traversal patch (Version 0.6c)</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 pluto[2241]: using /dev/urandom as source of random
entropy</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 pluto[2241]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 pluto[2241]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 pluto[2241]: ike_alg_register_enc(): Activating
OAKLEY_SERPENT_CBC: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 pluto[2241]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 pluto[2241]: ike_alg_register_enc(): Activating
OAKLEY_BLOWFISH_CBC: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 pluto[2241]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_512: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 pluto[2241]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_256: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:13:56 corp-core01 pluto[2241]: starting up 1 cryptographic helpers</span></p>
<p><span lang="EN-US">Nov 23
17:13:57 corp-core01 pluto[2241]: started helper pid=2251 (fd:7)</span></p>
<p><span lang="EN-US">Nov 23
17:13:57 corp-core01 pluto[2251]: using /dev/urandom as source of random
entropy</span></p>
<p><span lang="EN-US">Nov 23
17:13:57 corp-core01 pluto[2241]: Using Linux 2.6 IPsec interface code on
2.6.18-53.el5 (experimental code)</span></p>
<p><span lang="EN-US">Nov 23
17:13:57 corp-core01 pluto[2241]: ike_alg_register_enc(): WARNING: enc alg=0
not found in constants.c:oakley_enc_names<span>
</span></span></p>
<p><span lang="EN-US">Nov 23
17:13:57 corp-core01 pluto[2241]: ike_alg_register_enc(): Activating
<NULL>: Ok (ret=0)</span></p>
<p><span lang="EN-US">Nov 23
17:13:57 corp-core01 pluto[2241]: ike_alg_register_enc(): WARNING: enc alg=0
not found in constants.c:oakley_enc_names<span>
</span></span></p>
<p><span lang="EN-US">Nov 23
17:13:57 corp-core01 pluto[2241]: ike_alg_add(): ERROR: Algorithm already
exists</span></p>
<p><span lang="EN-US">Nov 23
17:13:57 corp-core01 pluto[2241]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)</span></p>
<p><span lang="EN-US">Nov 23
17:13:57 corp-core01 pluto[2241]: ike_alg_register_enc(): WARNING: enc alg=0
not found in constants.c:oakley_enc_names<span>
</span></span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: ike_alg_add(): ERROR: Algorithm already
exists</span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)</span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: ike_alg_register_enc(): WARNING: enc alg=0
not found in constants.c:oakley_enc_names<span>
</span></span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: ike_alg_add(): ERROR: Algorithm already
exists</span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)</span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: ike_alg_register_enc(): WARNING: enc alg=0
not found in constants.c:oakley_enc_names<span>
</span></span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: ike_alg_add(): ERROR: Algorithm already
exists</span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)</span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: ike_alg_register_enc(): WARNING: enc alg=0
not found in constants.c:oakley_enc_names<span>
</span></span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: ike_alg_add(): ERROR: Algorithm already
exists</span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: ike_alg_register_enc(): Activating
<NULL>: FAILED (ret=-17)</span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: Could not change to directory
'/etc/ipsec.d/cacerts': /</span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: Could not change to directory
'/etc/ipsec.d/aacerts': /</span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /</span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: Could not change to directory
'/etc/ipsec.d/crls'</span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: Changing back to directory '/' failed - (2 No
such file or directory)</span></p>
<p><span lang="EN-US">Nov 23
17:13:58 corp-core01 pluto[2241]: Changing back to directory '/' failed - (2 No
such file or directory)</span></p>
<p><span lang="EN-US">Nov 23
17:13:59 corp-core01 pluto[2241]: added connection description
"roadwarrior-l2tp"</span></p>
<p><span lang="EN-US">Nov 23
17:13:59 corp-core01 pluto[2241]: listening for IKE messages</span></p>
<p><span lang="EN-US">Nov 23
17:13:59 corp-core01 pluto[2241]: adding interface ppp0/ppp0 189.X.X.X:500</span></p>
<p><span lang="EN-US">Nov 23
17:13:59 corp-core01 pluto[2241]: adding interface ppp0/ppp0 189.X.X.X:4500</span></p>
<p><span lang="EN-US">Nov 23
17:13:59 corp-core01 pluto[2241]: adding interface eth1/eth1 <a href="http://10.10.40.1:500" target="_blank">10.10.40.1:500</a></span></p>
<p><span lang="EN-US">Nov 23
17:13:59 corp-core01 pluto[2241]: adding interface eth1/eth1 <a href="http://10.10.40.1:4500" target="_blank">10.10.40.1:4500</a></span></p>
<p><span lang="EN-US">Nov 23
17:13:59 corp-core01 pluto[2241]: adding interface lo/lo <a href="http://127.0.0.1:500" target="_blank">127.0.0.1:500</a></span></p>
<p><span lang="EN-US">Nov 23
17:13:59 corp-core01 pluto[2241]: adding interface lo/lo <a href="http://127.0.0.1:4500" target="_blank">127.0.0.1:4500</a></span></p>
<p><span lang="EN-US">Nov 23
17:13:59 corp-core01 pluto[2241]: adding interface lo/lo ::1:500</span></p>
<p><span lang="EN-US">Nov 23
17:13:59 corp-core01 pluto[2241]: loading secrets from
"/etc/ipsec.secrets"</span></p>
<p><span lang="EN-US">Nov 23
17:14:16 corp-core01 pluto[2241]: packet from <a href="http://201.8.29.194:500" target="_blank">201.8.29.194:500</a>: ignoring Vendor
ID payload [MS NT5 ISAKMPOAKLEY 00000004]</span></p>
<p><span lang="EN-US">Nov 23
17:14:16 corp-core01 pluto[2241]: packet from <a href="http://201.8.29.194:500" target="_blank">201.8.29.194:500</a>: ignoring Vendor
ID payload [FRAGMENTATION]</span></p>
<p><span lang="EN-US">Nov 23
17:14:16 corp-core01 pluto[2241]: packet from <a href="http://201.8.29.194:500" target="_blank">201.8.29.194:500</a>: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 </span></p>
<p><span lang="EN-US">Nov 23
17:14:16 corp-core01 pluto[2241]: packet from <a href="http://201.8.29.194:500" target="_blank">201.8.29.194:500</a>: ignoring Vendor
ID payload [Vid-Initial-Contact]</span></p>
<p><span lang="EN-US">Nov 23
17:14:16 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: responding to Main Mode from unknown peer <a href="http://201.8.29.194" target="_blank">201.8.29.194</a></span></p>
<p><span lang="EN-US">Nov 23
17:14:16 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1</span></p>
<p><span lang="EN-US">Nov 23
17:14:16 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: STATE_MAIN_R1: sent MR1, expecting MI2</span></p>
<p><span lang="EN-US">Nov 23
17:14:16 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected</span></p>
<p><span lang="EN-US">Nov 23
17:14:16 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2</span></p>
<p><span lang="EN-US">Nov 23
17:14:16 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: STATE_MAIN_R2: sent MR2, expecting MI3</span></p>
<p><span lang="EN-US">Nov 23
17:14:16 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: Main mode peer ID is ID_IPV4_ADDR: '<a href="http://201.8.29.194" target="_blank">201.8.29.194</a>'</span></p>
<p><span lang="EN-US">Nov 23
17:14:16 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3</span></p>
<p><span lang="EN-US">Nov 23
17:14:16 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}</span></p>
<p><span lang="EN-US">Nov 23
17:14:17 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: the peer proposed: 189.X.X.X/32:17/1701 -> <a href="http://201.8.29.194/32:17/1701" target="_blank">201.8.29.194/32:17/1701</a></span></p>
<p><span lang="EN-US">Nov 23
17:14:17 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_ar in
duplicate_state, please report to <a href="mailto:dev@openswan.org" target="_blank">dev@openswan.org</a></span></p>
<p><span lang="EN-US">Nov 23 17:14:17
corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a> #1:
alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_er in
duplicate_state, please report to <a href="mailto:dev@openswan.org" target="_blank">dev@openswan.org</a></span></p>
<p><span lang="EN-US">Nov 23
17:14:17 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pi in
duplicate_state, please report to <a href="mailto:dev@openswan.org" target="_blank">dev@openswan.org</a></span></p>
<p><span lang="EN-US">Nov 23
17:14:17 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pr in
duplicate_state, please report to <a href="mailto:dev@openswan.org" target="_blank">dev@openswan.org</a></span></p>
<p><span lang="EN-US">Nov 23
17:14:17 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2: responding to Quick Mode proposal {msgid:bfe83f53}</span></p>
<p><span lang="EN-US">Nov 23
17:14:17 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2:<span> </span>us: 189.X.X.X<189.X.X.X>[+S=C]:17/1701</span></p>
<p><span lang="EN-US">Nov 23
17:14:17 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2:<span> </span>them: <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>[+S=C]:17/1701</span></p>
<p><span lang="EN-US">Nov 23
17:14:17 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1</span></p>
<p><span lang="EN-US">Nov 23
17:14:17 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2</span></p>
<p><span lang="EN-US">Nov 23
17:14:17 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2</span></p>
<p><span lang="EN-US">Nov 23
17:14:17 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x36d7da49
<0x5ab14582 xfrm=3DES_0-HMAC_MD5 NATOA=<invalid>
NATD=<invalid>:500 DPD=enabled}</span></p>
<p><span lang="EN-US">Nov 23
17:14:29 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: received Delete SA(0x36d7da49) payload: deleting IPSEC State
#2</span></p>
<p><span lang="EN-US">Nov 23
17:14:29 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#2: request to replace with shunt a prospective erouted policy with netkey
kernel --- experimental</span></p>
<p><span lang="EN-US">Nov 23
17:14:29 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: received and ignored informational message</span></p>
<p><span lang="EN-US">Nov 23
17:14:29 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>
#1: received Delete SA payload: deleting ISAKMP State
#1</span></p>
<p><span lang="EN-US">Nov 23
17:14:29 corp-core01 pluto[2241]: "roadwarrior-l2tp"[1] <a href="http://201.8.29.194" target="_blank">201.8.29.194</a>:
deleting connection "roadwarrior-l2tp" instance with peer
<a href="http://201.8.29.194" target="_blank">201.8.29.194</a> {isakmp=#0/ipsec=#0}</span></p>
<p><span lang="EN-US">Nov 23
17:14:29 corp-core01 pluto[2241]: "roadwarrior-l2tp": request to
delete a unrouted policy with netkey kernel --- experimental</span></p>
<p><span lang="EN-US">Nov 23
17:14:29 corp-core01 pluto[2241]: packet from <a href="http://201.8.29.194:500" target="_blank">201.8.29.194:500</a>: received and
ignored informational message</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: packet from <a href="http://189.24.76.188:500" target="_blank">189.24.76.188:500</a>: ignoring
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]</span></p>
<p><span lang="EN-US">Nov 23 17:14:32
corp-core01 pluto[2241]: packet from <a href="http://189.24.76.188:500" target="_blank">189.24.76.188:500</a>: ignoring Vendor ID
payload [FRAGMENTATION]</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: packet from <a href="http://189.24.76.188:500" target="_blank">189.24.76.188:500</a>: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 </span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: packet from <a href="http://189.24.76.188:500" target="_blank">189.24.76.188:500</a>: ignoring
Vendor ID payload [Vid-Initial-Contact]</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[2] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: responding to Main Mode from unknown peer <a href="http://189.24.76.188" target="_blank">189.24.76.188</a></span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[2] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[2] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: STATE_MAIN_R1: sent MR1, expecting MI2</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[2] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[2] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[2] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: STATE_MAIN_R2: sent MR2, expecting MI3</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[2] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: Main mode peer ID is ID_FQDN: '@casa01'</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[2] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: switched from "roadwarrior-l2tp" to "roadwarrior-l2tp"</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: deleting connection "roadwarrior-l2tp" instance with peer
<a href="http://189.24.76.188" target="_blank">189.24.76.188</a> {isakmp=#0/ipsec=#0}</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: new NAT mapping for #3, was <a href="http://189.24.76.188:500" target="_blank">189.24.76.188:500</a>, now <a href="http://189.24.76.188:4500" target="_blank">189.24.76.188:4500</a></span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: peer client type is FQDN</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: Applying workaround for MS-818043 NAT-T bug</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: IDci was FQDN: \275\031(V, using NAT_OA=<a href="http://192.168.0.100/32" target="_blank">192.168.0.100/32</a> as IDci</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: the peer proposed: 189.X.X.X/32:17/1701 -> <a href="http://192.168.0.100/32:17/1701" target="_blank">192.168.0.100/32:17/1701</a></span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_ar in
duplicate_state, please report to <a href="mailto:dev@openswan.org" target="_blank">dev@openswan.org</a></span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_er in
duplicate_state, please report to <a href="mailto:dev@openswan.org" target="_blank">dev@openswan.org</a></span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pi in
duplicate_state, please report to <a href="mailto:dev@openswan.org" target="_blank">dev@openswan.org</a></span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pr in
duplicate_state, please report to <a href="mailto:dev@openswan.org" target="_blank">dev@openswan.org</a></span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#4: responding to Quick Mode proposal {msgid:8b2e7e93}</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#4:<span> </span>us: 189.X.X.X<189.X.X.X>[+S=C]:17/1701</span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#4:<span> </span>them:
<a href="http://189.24.76.188" target="_blank">189.24.76.188</a>[@casa01,+S=C]:17/1701===<a href="http://192.168.0.100/32" target="_blank">192.168.0.100/32</a></span></p>
<p><span lang="EN-US">Nov 23
17:14:32 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1</span></p>
<p><span lang="EN-US">Nov 23
17:14:33 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2</span></p>
<p><span lang="EN-US">Nov 23
17:14:33 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2</span></p>
<p><span lang="EN-US">Nov 23
17:14:33 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#4: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xf0887f84
<0x63648101 xfrm=3DES_0-HMAC_MD5 NATOA=<a href="http://192.168.0.100" target="_blank">192.168.0.100</a> NATD=<a href="http://189.24.76.188:4500" target="_blank">189.24.76.188:4500</a>
DPD=none}</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">(After 678
error)</span></p>
<p><span lang="EN-US">Nov 23
17:15:08 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: received Delete SA(0xf0887f84) payload: deleting IPSEC State
#4</span></p>
<p><span lang="EN-US">Nov 23
17:15:08 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#4: request to replace with shunt a prospective erouted policy with netkey
kernel --- experimental</span></p>
<p><span lang="EN-US">Nov 23
17:15:08 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: received and ignored informational message</span></p>
<p><span lang="EN-US">Nov 23
17:15:08 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3] <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>
#3: received Delete SA payload: deleting ISAKMP State
#3</span></p>
<p><span lang="EN-US">Nov 23
17:15:08 corp-core01 pluto[2241]: "roadwarrior-l2tp"[3]
<a href="http://189.24.76.188" target="_blank">189.24.76.188</a>: deleting connection "roadwarrior-l2tp" instance with
peer <a href="http://189.24.76.188" target="_blank">189.24.76.188</a> {isakmp=#0/ipsec=#0}</span></p>
<p><span lang="EN-US">Nov 23
17:15:08 corp-core01 pluto[2241]: "roadwarrior-l2tp": request to
delete a unrouted policy with netkey kernel --- experimental</span></p>
<p><span lang="EN-US">Nov 23
17:15:08 corp-core01 pluto[2241]: packet from <a href="http://189.24.76.188:4500" target="_blank">189.24.76.188:4500</a>: received and
ignored informational message</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">/var/log/messages</span></p>
<p><span lang="EN-US">Nov 23
17:14:40 corp-core01 xl2tpd[1950]: Maximum retries exceeded for tunnel
48658.<span> </span>Closing. </span></p>
<p><span lang="EN-US">Nov 23
17:14:40 corp-core01 xl2tpd[1950]: Connection 13 closed to <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>, port
1701 (Timeout) </span></p>
<p><span lang="EN-US">Nov 23
17:14:50 corp-core01 xl2tpd[1950]: Can not find tunnel 37989 (refhim=0) </span></p>
<p><span lang="EN-US">Nov 23
17:14:55 corp-core01 xl2tpd[1950]: Maximum retries exceeded for tunnel
7179.<span> </span>Closing. </span></p>
<p><span lang="EN-US">Nov 23
17:14:55 corp-core01 xl2tpd[1950]: Connection 13 closed to <a href="http://189.24.76.188" target="_blank">189.24.76.188</a>, port
1701 (Timeout) </span></p>
<p><span lang="EN-US">Nov 23
17:14:59 corp-core01 xl2tpd[1950]: Can not find tunnel 37989 (refhim=0)</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">Thanks in
advance for any help,</span></p>
<p><span lang="EN-US"> </span></p><font color="#888888">
<p><span lang="EN-US">Jorge</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US"> </span></p>
</font></blockquote></div><br>